Am 05.05.2010 10:00, schrieb Daniel Troeder: > That is a message from cryptsetup. As you are using openssl to get > the key, I think the problem might be there.
ok .... > lvcreate -n crypttest -L 100M vg0 KEY=`tr -cd [:graph:] < > /dev/urandom | head -c 79` echo $KEY | openssl aes-256-ecb > > verysekrit.key openssl aes-256-ecb -d -in verysekrit.key # (aha :) > openssl aes-256-ecb -d -in verysekrit.key | cryptsetup -v --cipher > aes-cbc-plain --key-size 256 luksFormat /dev/vg0/crypttest openssl > aes-256-ecb -d -in verysekrit.key | cryptsetup luksOpen > /dev/vg0/crypttest decryptedtest cryptsetup luksClose crypttest # (i > couldn't close it... don't know why...) > > The key that cryptsetup is given to decrypt the partition is created > by openssl from the file. Please check the output of $ openssl > aes-256-ecb -d -in verysekrit.key under both kernel - it should be > identical. At first, thank you for your time and work! Tried that. I have to admit that I don't know the decryption password ... but as far as I understand it should be the same as the unix-password of the user sgw. pam_mount.so should read it when I log in, correct? With this password I get a "bad decrypt" so this explains why it fails. Please let me repeat/point out that it is the same for 3 kernels (2.6.32-r1, 2.6.33-r[12] ... ), so I should change the subject to stay correct ... > BTW: You'll get your error message if you run: $ echo > notmykey | cryptsetup luksOpen /dev/vg0/crypttest decryptedtes Yes, correct. - I really wonder what the reason is ... should I downgrade openssl? Thanks Stefan
